Privacy Policy
UK GDPR & Data Protection Act 2018 disclosures and how we handle personal data.
1. Who we are and how to contact us
For the purposes of UK data protection law, SBank acts as a "data controller" in relation to the personal data we process about you, meaning that we determine the purposes and means of the processing.
Our registered contact address (or main business address) is:
Stc House, Speke Hall Road, Liverpool, United Kingdom, L24 9HD
If you have any questions about this Privacy Policy or about how we handle your personal data, you can contact us at: support@s-bank.online.
2. The personal data we collect
The types of personal data we collect and process will depend on the products and services you use and how you interact with us. In general, we may collect and process the following categories of personal data:
- Identification data, such as your full name, date of birth, nationality, place of birth, and identification numbers from passports, ID cards or residence permits;
- Contact details, such as residential and correspondence addresses, email addresses and telephone numbers;
- Account and relationship data, such as customer numbers, internal identifiers, account numbers, account types, and information regarding the status of your relationship with SBank;
- Financial and transactional information, such as account balances, payment instructions, transaction histories, payee and payer details, IBANs, card identifiers, and transaction metadata (for example, descriptions and references you or counterparties provide);
- KYC/AML information, such as copies of identity documents, proof of address, information about your occupation, employment, business activities, tax residency, and information on the source of your funds and wealth;
- Technical and usage data, such as IP address, device identifiers, browser type and version, operating system, language settings, time zone, access logs, and information about how you navigate and use our online services;
- Communications data, such as records of your interactions with our support team (including chat logs, call notes and email correspondence), complaints, feedback and survey responses;
- Security and fraud-prevention data, such as authentication data, login attempts, security questions, records of suspicious activity, and other information we generate or obtain to protect you and SBank from fraud and misuse.
3. How we obtain personal data
We may obtain personal data directly from you, from your use of our services, and from third parties. In particular, we collect personal data when you:
- apply to open an account or use our services, whether online or through another channel;
- complete forms, upload documents or provide information during onboarding, KYC/AML checks or ongoing reviews;
- communicate with us by email, chat, phone or other support channels;
- use our website, online banking or mobile applications; or
- participate in surveys, promotional activities or beta-testing of new features.
We may also receive personal data about you from:
- other financial institutions and payment service providers involved in your transactions;
- identity verification and KYC/AML service providers that assist us in meeting regulatory obligations;
- public authorities, regulators and law enforcement agencies, where we are required or permitted to obtain or share information;
- public sources, such as company registers, sanction lists and media reports; and
- other third parties where this is necessary and lawful (for example, our professional advisers or partners).
4. Purposes and legal bases for processing
We process personal data only where we have a lawful basis to do so under UK GDPR. Depending on the context, we may rely on one or more of the following legal bases:
- Performance of a contract: to take steps at your request prior to entering into a contract, and to perform our obligations under the contract for account opening, payments and related services;
- Compliance with legal obligations: to comply with obligations under financial services, AML/CTF, sanctions, tax, consumer protection and other applicable laws and regulations;
- Legitimate interests: to pursue our legitimate business interests in a manner that does not override your fundamental rights and freedoms, such as improving and securing our services, managing risk, and responding to enquiries;
- Consent: where required by law, for example, for certain types of marketing or optional cookies/analytics;
- Protection of vital interests or public interest: where processing is necessary to protect someone’s vital interests or for reasons of substantial public interest as recognised in UK law.
Examples of processing activities include:
- assessing and processing your application for our products and services;
- establishing and maintaining your account, including executing and monitoring payment transactions;
- carrying out identity verification, KYC/AML checks, sanctions screening and risk assessments;
- detecting, investigating and preventing fraud, financial crime and misuse of our services;
- responding to your enquiries and providing customer support;
- improving our websites, applications, products and user experience;
- performing internal reporting, analytics and management information, in de‑identified or aggregated form where possible; and
- complying with requests and orders from courts, regulators and law enforcement agencies.
5. Sharing your personal data
We may share your personal data with carefully selected third parties where necessary for the purposes described above and where a lawful basis exists. This may include:
- other financial institutions, payment schemes and payment service providers involved in processing your transactions;
- cloud hosting, IT, communications and security providers who support the operation of our services;
- identity verification, credit reference and AML/CTF screening providers;
- professional advisers such as lawyers, auditors and consultants;
- regulators, supervisory authorities, courts and law enforcement agencies where required or permitted by law; and
- other entities in connection with corporate transactions (such as mergers, acquisitions or restructurings), subject to appropriate safeguards.
Whenever we share personal data with third parties acting as our processors, we ensure that they are bound by contractual obligations to handle the data securely and only in accordance with our instructions and applicable law.
6. International transfers
In some cases, personal data may be transferred to, and processed in, countries outside the United Kingdom. Where we do so, we take steps to ensure that an adequate level of protection is provided for your personal data as required by UK GDPR.
This may include, for example:
- relying on adequacy regulations issued by the UK Government for certain jurisdictions; and/or
- entering into contracts based on the UK International Data Transfer Agreement or other approved standard contractual clauses, together with appropriate technical and organisational measures.
7. Data retention
We retain personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal, regulatory and contractual obligations. Retention periods may vary depending on the type of data and the context in which it was collected.
In general, we retain core account and transaction records for at least the minimum period required by financial services and AML/CTF regulations (which may typically be at least five years after the end of the business relationship or the date of a one‑off transaction), and longer where needed for the establishment, exercise or defence of legal claims or where required by supervisory authorities.
8. Your rights
Under UK data protection law, you have a number of rights in relation to your personal data, subject to certain conditions and exemptions. These include:
- the right of access to your personal data and to obtain a copy of it;
- the right to request correction of inaccurate or incomplete personal data;
- the right to request deletion of your personal data where there is no lawful basis for us to continue processing it;
- the right to request restriction of processing in certain circumstances;
- the right to object to processing based on our legitimate interests, on grounds relating to your particular situation; and
- the right to data portability in relation to certain data which you have provided to us and which we process by automated means.
To exercise your rights, please contact us using the details above. We may need to verify your identity before responding to your request. Some rights may not apply where we are required to retain or process data due to legal or regulatory obligations, for example under AML/CTF laws.
9. Cookies and similar technologies
Our websites and online services may use cookies and similar technologies to enable essential functionality, enhance user experience and collect analytics. Where required by law, we will obtain your consent before placing non‑essential cookies on your device. You can manage your cookie preferences through your browser settings or any cookie management tools we provide.
10. Security of your data
We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures may include encryption, access controls, network security, logging and monitoring, secure development practices and periodic testing of our systems.
While we take reasonable steps to safeguard your data, no system can be guaranteed to be completely secure. You also play an important role in protecting your information. We strongly recommend that you keep your login credentials confidential, use strong and unique passwords, enable multi‑factor authentication where available and notify us immediately if you suspect any unauthorised access to your account.
11. Automated decision-making and profiling
In certain circumstances, we may use automated systems to make decisions or to profile customer behaviour, for example, to detect unusual transactions that may indicate fraud or financial crime. Where such processing has a legal or similarly significant effect on you, we will ensure that appropriate safeguards are in place, including the possibility of human review where required by law.
12. Complaints and supervisory authority
If you have concerns about how we handle your personal data, we encourage you to contact us first so that we can try to resolve the issue. You also have the right to lodge a complaint with the UK data protection supervisory authority (the Information Commissioner’s Office, ICO) or with another competent authority where applicable.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, in technology, in legal or regulatory requirements, or for other operational reasons. When we make significant changes, we will take reasonable steps to inform you, for example by displaying a notice in our online banking environment or by sending you a notification.
The most current version of this Privacy Policy will always be available on our website. Where required by law, we will seek your consent to material changes that affect how we process your personal data.
Last updated: 19 January 2026